@echo off
chcp 65001 >nul 2>&1
echo ==========================================
echo     IMPROVED CORS Configuration Test
echo ==========================================
echo.

echo Testing CORS configuration after fix...
echo.

echo [Test 1] OPTIONS Preflight Request (Should work now):
echo -----------------------------------------
curl -X OPTIONS -H "Origin: http://localhost:3000" ^
     -H "Access-Control-Request-Method: POST" ^
     -H "Access-Control-Request-Headers: Authorization,Content-Type" ^
     -v http://localhost:9000/test/ping 2>&1 | findstr /C:"HTTP" /C:"Access-Control"
echo.
echo.

echo [Test 2] GET Request with Origin (Should have CORS headers):
echo -----------------------------------------
curl -H "Origin: http://localhost:3000" ^
     -v http://localhost:9000/test/ping 2>&1 | findstr /C:"HTTP" /C:"Access-Control" /C:"Gateway is working"
echo.
echo.

echo [Test 3] Authentication Test with CORS:
echo -----------------------------------------
echo Without Token (should return 401 with CORS headers):
curl -H "Origin: http://localhost:3000" ^
     -v http://localhost:9000/test/auth-required 2>&1 | findstr /C:"HTTP" /C:"Access-Control" /C:"Unauthorized"
echo.

echo With Token (should return 200 with CORS headers):
curl -H "Origin: http://localhost:3000" ^
     -H "Authorization: Bearer mytoken" ^
     -v http://localhost:9000/test/auth-required 2>&1 | findstr /C:"HTTP" /C:"Access-Control" /C:"authentication"
echo.
echo.

echo [Test 4] Provider Service with CORS:
echo -----------------------------------------
curl -H "Origin: http://localhost:8080" ^
     -H "Authorization: Bearer mytoken" ^
     -v http://localhost:9000/provider/user/getUserById/1 2>&1 | findstr /C:"HTTP" /C:"Access-Control" /C:"userName"
echo.
echo.

echo [Test 5] Load Balancing Demo with CORS:
echo -----------------------------------------
curl -H "Origin: http://localhost:3000" ^
     -v http://localhost:9000/lb-demo/user/instance-info 2>&1 | findstr /C:"HTTP" /C:"Access-Control" /C:"port"
echo.
echo.

echo ==========================================
echo Expected CORS Headers in Successful Tests:
echo - Access-Control-Allow-Origin: (matching origin)
echo - Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD
echo - Access-Control-Allow-Headers: *
echo - Access-Control-Allow-Credentials: true
echo - Access-Control-Max-Age: 3600
echo ==========================================
echo.

pause 